[***] Summary: [***]

12 new OPEN, 37 new PRO (12 + 25) DCRat, Cisco RV320/RV325 Exploits, FatalRAT, APT28/SkinnyBoy, Magecart, Android/Agent.BQX and some Kimsuky Related.

Thanks @c3rb3ru5d3d53c @James_inthe_box @rootprivilege and @cluster25_io

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2033087 - ET TROJAN Win32/DCRat CnC Exfil (trojan.rules)
2033088 - ET EXPLOIT Cisco RV320/RV325 Command Injection Attempt Inbound (CVE-2019-1652) (exploit.rules)
2033089 - ET EXPLOIT Cisco RV320/RV325 Config Disclosure Attempt Inbound (CVE-2019-1653) (exploit.rules)
2033090 - ET EXPLOIT Successful Cisco RV320/RV325 Config Disclosure (CVE-2019-1653) (exploit.rules)
2033091 - ET EXPLOIT Cisco RV320/RV325 Debug Dump Disclosure Attempt Inbound (CVE-2019-1653) (exploit.rules)
2033092 - ET EXPLOIT Successful Cisco RV320/RV325 Debug Dump Disclosure (CVE-2019-1653) (exploit.rules)
2033093 - ET TROJAN FatalRAT CnC Activity (trojan.rules)
2033094 - ET TROJAN sysrv.ELF Exploit Success Payload Request (trojan.rules)
2033095 - ET TROJAN ALFA Shell APT33 DNS Lookup (solevisible .com) (trojan.rules)
2033096 - ET TROJAN APT28/SkinnyBoy Checkin (trojan.rules)
2033097 - ET TROJAN APT28/SkinnyBoy Payload Request (trojan.rules)
2033098 - ET TROJAN Observed Magecart Skimmer Domain (analiticsweb .site in TLS SNI) (trojan.rules)

Pro:

2848816 - ETPRO MOBILE_MALWARE Android Spy Malban Checkin (mobile_malware.rules)
2848817 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 96 (mobile_malware.rules)
2848818 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 97 (mobile_malware.rules)
2848819 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 98 (mobile_malware.rules)
2848820 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 99 (mobile_malware.rules)
2848821 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 100 (mobile_malware.rules)
2848822 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 101 (mobile_malware.rules)
2848823 - ETPRO MOBILE_MALWARE Android/Agent.BQX (TLS SNI) 102 (mobile_malware.rules)
2848824 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848825 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT) (trojan.rules)
2848826 - ETPRO TROJAN ELF/Mirai Variant CnC Checkin (trojan.rules)
2848827 - ETPRO TROJAN ELF/Mirai Variant Inbound CnC Command (trojan.rules)
2848828 - ETPRO POLICY Outbound H.323 Q.931 INFORMATION Packet On Non-Standard Low Port (policy.rules)
2848829 - ETPRO POLICY Outbound H.323 Q.931 RELEASE COMPLETE Packet On Non-Standard Low Port (policy.rules)
2848830 - ETPRO POLICY Outbound H.323 Q.931 SETUP Packet On Non-Standard Low Port (policy.rules)
2848831 - ETPRO POLICY Outbound H.323 Q.931 CALL PROCEEDING Packet On Non-Standard Low Port (policy.rules)
2848832 - ETPRO POLICY Outbound H.323 Q.931 CONNECT Packet On Non-Standard Low Port (policy.rules)
2848833 - ETPRO POLICY Outbound H.323 Q.931 FACILITY Packet On Non-Standard Low Port (policy.rules)
2848834 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-03 1) (trojan.rules)
2848835 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-03 2) (trojan.rules)
2848836 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-03 3) (trojan.rules)
2848837 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-03 4) (trojan.rules)
2848838 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2021-06-03 5) (trojan.rules)
2848839 - ETPRO TROJAN Kimsuky Related Activity (POST) (trojan.rules)
2848840 - ETPRO TROJAN Kimsuky Related Activity (GET) (trojan.rules)

[///] Modified active rules: [///]

2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
2027462 - ET CURRENT_EVENTS Possible Encoded Wide PowerShell (IEX) in Certificate Inbound (current_events.rules)
2028867 - ET POLICY Vulnerable Java Version 11.0.x Detected (policy.rules)
2824801 - ETPRO TROJAN Lets Encrypt Free SSL Cert Observed in Possible Paypal Phishing (trojan.rules)
